
Lines Matching +full:- +full:- +full:without +full:- +full:libpsl

18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21 * SPDX-License-Identifier: curl
38 Adds a cookie to the in-memory cookie jar.
55 Set-cookie: PRODUCTINFO=webxpress; domain=.fidelity.com; path=/; secure
56 Set-cookie: PERSONALIZE=none;expires=Monday, 13-Jun-1988 03:04:55 GMT;
58 Set-cookie: FidHist=none;expires=Monday, 13-Jun-1988 03:04:55 GMT;
60 Set-cookie: FidOrder=none;expires=Monday, 13-Jun-1988 03:04:55 GMT;
62 Set-cookie: DisPend=none;expires=Monday, 13-Jun-1988 03:04:55 GMT;
64 Set-cookie: FidDis=none;expires=Monday, 13-Jun-1988 03:04:55 GMT;
66 Set-cookie:
67 Session_Key@6791a9e0-901a-11d0-a1c8-9b012c88aa77=none;expires=Monday,
68 13-Jun-1988 03:04:55 GMT; domain=.fidelity.com; path=/; secure
104 future. (from RFC6265bis draft-19)
111 if((TIME_T_MAX - COOKIES_MAXAGE - 30) > now) { in cap_expires()
113 if(co->expires > cap) { in cap_expires()
115 co->expires = (cap/60)*60; in cap_expires()
122 free(co->domain); in freecookie()
123 free(co->path); in freecookie()
124 free(co->spath); in freecookie()
125 free(co->name); in freecookie()
126 free(co->value); in freecookie()
140 hostname + hostname_len-cookie_domain_len, in cookie_tailmatch()
154 if('.' == *(hostname + hostname_len - cookie_domain_len - 1)) in cookie_tailmatch()
161 * RFC6265 5.1.4 Paths and Path-Match
185 /* #-fragments are already cut off! */ in pathmatch()
194 * 4. Output the characters of the uri-path from the first character up in pathmatch()
195 * to, but not including, the right-most %x2F ("/"). in pathmatch()
197 * without redirect. in pathmatch()
209 /* not using checkprefix() because matching should be case-sensitive */ in pathmatch()
215 /* The cookie-path and the uri-path are identical. */ in pathmatch()
235 * Return the top-level domain, for optimal hashing.
246 first = memrchr(domain, '.', (last - domain)); in get_top_domain()
248 len -= (++first - domain); in get_top_domain()
264 * A case-insensitive hash for the cookie domains.
313 len--; in sanitize_cookie_path()
315 if(len && (new_path[len - 1] == '\"')) { in sanitize_cookie_path()
316 new_path[--len] = 0x0; in sanitize_cookie_path()
321 /* Let cookie-path be the default-path. */ in sanitize_cookie_path()
327 if(len && new_path[len - 1] == '/') { in sanitize_cookie_path()
328 new_path[len - 1] = 0x0; in sanitize_cookie_path()
341 struct curl_slist *list = data->state.cookielist; in Curl_cookie_loadfiles()
346 Curl_cookie_init(data, list->data, data->cookies, in Curl_cookie_loadfiles()
347 data->set.cookiesession); in Curl_cookie_loadfiles()
353 infof(data, "ignoring failed cookie_init for %s", list->data); in Curl_cookie_loadfiles()
355 data->cookies = ci; in Curl_cookie_loadfiles()
356 list = list->next; in Curl_cookie_loadfiles()
368 * parsing in a last-wins scenario. The caller is responsible for checking
402 if(now < ci->next_expiration && in remove_expired()
403 ci->next_expiration != CURL_OFF_T_MAX) in remove_expired()
406 ci->next_expiration = CURL_OFF_T_MAX; in remove_expired()
412 for(n = Curl_llist_head(&ci->cookielist[i]); n; n = e) { in remove_expired()
415 if(co->expires && co->expires < now) { in remove_expired()
418 ci->numcookies--; in remove_expired()
425 if(co->expires && co->expires < ci->next_expiration) in remove_expired()
426 ci->next_expiration = co->expires; in remove_expired()
442 size_t i = dot - domain; in bad_domain()
443 if((len - i) > 1) in bad_domain()
455 cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
457 But Firefox and Chrome as of June 2022 accept space, comma and double-quotes
463 /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */ in invalid_octets()
470 /* scan for all the octets that are *not* in cookie-octet */ in invalid_octets()
511 /* This line was read off an HTTP-header */ in parse_cookie_header()
526 /* we have a <name>=<value> pair or a stand-alone word here */ in parse_cookie_header()
537 while(nlen && ISBLANK(namep[nlen - 1])) in parse_cookie_header()
538 nlen--; in parse_cookie_header()
547 while(vlen && ISBLANK(valuep[vlen-1])) in parse_cookie_header()
548 vlen--; in parse_cookie_header()
553 vlen--; in parse_cookie_header()
572 if(nlen >= (MAX_NAME-1) || vlen >= (MAX_NAME-1) || in parse_cookie_header()
582 * "the rest". Prefixes must start with '__' and end with a '-', so in parse_cookie_header()
586 if(strncasecompare("__Secure-", namep, 9)) in parse_cookie_header()
587 co->prefix_secure = TRUE; in parse_cookie_header()
588 else if(strncasecompare("__Host-", namep, 7)) in parse_cookie_header()
589 co->prefix_host = TRUE; in parse_cookie_header()
598 if(!co->name) { in parse_cookie_header()
604 strstore(&co->name, namep, nlen); in parse_cookie_header()
605 strstore(&co->value, valuep, vlen); in parse_cookie_header()
607 if(!co->name || !co->value) in parse_cookie_header()
610 if(invalid_octets(co->value) || invalid_octets(co->name)) { in parse_cookie_header()
627 if(secure || !ci->running) { in parse_cookie_header()
628 co->secure = TRUE; in parse_cookie_header()
635 co->httponly = TRUE; in parse_cookie_header()
643 strstore(&co->path, valuep, vlen); in parse_cookie_header()
644 if(!co->path) in parse_cookie_header()
646 free(co->spath); /* if this is set again */ in parse_cookie_header()
647 co->spath = sanitize_cookie_path(co->path); in parse_cookie_header()
648 if(!co->spath) in parse_cookie_header()
662 vlen--; in parse_cookie_header()
667 * Without PSL we do not know when the incoming cookie is set on a in parse_cookie_header()
681 strstore(&co->domain, valuep, vlen); in parse_cookie_header()
682 if(!co->domain) in parse_cookie_header()
686 co->tailmatch = TRUE; /* we always do that if the domain name was in parse_cookie_header()
702 else if((nlen == 7) && strncasecompare("max-age", namep, 7)) { in parse_cookie_header()
706 * Optional. The Max-Age attribute defines the lifetime of the in parse_cookie_header()
707 * cookie, in seconds. The delta-seconds value is a decimal non- in parse_cookie_header()
708 * negative integer. After delta-seconds seconds elapse, the in parse_cookie_header()
716 &co->expires); in parse_cookie_header()
720 co->expires = CURL_OFF_T_MAX; in parse_cookie_header()
724 co->expires = 1; in parse_cookie_header()
727 if(!co->expires) in parse_cookie_header()
729 co->expires = 1; in parse_cookie_header()
730 else if(CURL_OFF_T_MAX - now < co->expires) in parse_cookie_header()
732 co->expires = CURL_OFF_T_MAX; in parse_cookie_header()
734 co->expires += now; in parse_cookie_header()
740 if(!co->expires && (vlen < MAX_DATE_LENGTH)) { in parse_cookie_header()
742 * Let max-age have priority. in parse_cookie_header()
750 co->expires = Curl_getdate_capped(dbuf); in parse_cookie_header()
755 * non-session cookie in parse_cookie_header()
757 if(co->expires == 0) in parse_cookie_header()
758 co->expires = 1; in parse_cookie_header()
759 else if(co->expires < 0) in parse_cookie_header()
760 co->expires = 0; in parse_cookie_header()
781 if(!co->domain && domain) { in parse_cookie_header()
783 co->domain = strdup(domain); in parse_cookie_header()
784 if(!co->domain) in parse_cookie_header()
788 if(!co->path && path) { in parse_cookie_header()
791 * passed-in path to this function MAY have a '?' and following part that in parse_cookie_header()
804 endslash = memrchr(path, '/', (queryp - path)); in parse_cookie_header()
806 size_t pathlen = (endslash-path + 1); /* include end slash */ in parse_cookie_header()
807 co->path = Curl_memdup0(path, pathlen); in parse_cookie_header()
808 if(co->path) { in parse_cookie_header()
809 co->spath = sanitize_cookie_path(co->path); in parse_cookie_header()
810 if(!co->spath) in parse_cookie_header()
822 if(!co->name) in parse_cookie_header()
825 data->req.setcookies++; in parse_cookie_header()
838 * reading the odd netscape cookies-file format here in parse_netscape()
845 * In 2008, Internet Explorer introduced HTTP-only cookies to prevent XSS in parse_netscape()
852 co->httponly = TRUE; in parse_netscape()
872 len--; in parse_netscape()
874 co->domain = Curl_memdup0(ptr, len); in parse_netscape()
875 if(!co->domain) in parse_netscape()
884 co->tailmatch = !!strncasecompare(ptr, "TRUE", len); in parse_netscape()
890 co->path = Curl_memdup0(ptr, len); in parse_netscape()
891 if(!co->path) in parse_netscape()
894 co->spath = sanitize_cookie_path(co->path); in parse_netscape()
895 if(!co->spath) in parse_netscape()
901 co->path = strdup("/"); in parse_netscape()
902 if(!co->path) in parse_netscape()
904 co->spath = strdup("/"); in parse_netscape()
905 if(!co->spath) in parse_netscape()
910 co->secure = FALSE; in parse_netscape()
912 if(secure || ci->running) in parse_netscape()
913 co->secure = TRUE; in parse_netscape()
926 curlx_strtoofft(ptr, &endp, 10, &co->expires) || endp != &ptr[len]) in parse_netscape()
931 co->name = Curl_memdup0(ptr, len); in parse_netscape()
932 if(!co->name) in parse_netscape()
936 if(strncasecompare("__Secure-", co->name, 9)) in parse_netscape()
937 co->prefix_secure = TRUE; in parse_netscape()
938 else if(strncasecompare("__Host-", co->name, 7)) in parse_netscape()
939 co->prefix_host = TRUE; in parse_netscape()
943 co->value = Curl_memdup0(ptr, len); in parse_netscape()
944 if(!co->value) in parse_netscape()
951 co->value = strdup(""); in parse_netscape()
952 if(!co->value) in parse_netscape()
976 DEBUGF(infof(data, "PSL check set-cookie '%s' for domain=%s in %s", in is_public_suffix()
977 co->name, co->domain, domain)); in is_public_suffix()
978 if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) { in is_public_suffix()
983 size_t clen = strlen(co->domain); in is_public_suffix()
989 Curl_strntolower(lcookie, co->domain, clen + 1); in is_public_suffix()
994 infof(data, "libpsl problem, rejecting cookie for satety"); in is_public_suffix()
999 "set cookies for '%s'", co->name, domain, co->domain); in is_public_suffix()
1007 DEBUGF(infof(data, "NO PSL to check set-cookie '%s' for domain=%s in %s", in is_public_suffix()
1008 co->name, co->domain, domain)); in is_public_suffix()
1023 size_t myhash = cookiehash(co->domain); in replace_existing()
1024 for(n = Curl_llist_head(&ci->cookielist[myhash]); n; n = Curl_node_next(n)) { in replace_existing()
1026 if(!strcmp(clist->name, co->name)) { in replace_existing()
1030 if(clist->domain && co->domain) { in replace_existing()
1031 if(strcasecompare(clist->domain, co->domain)) in replace_existing()
1035 else if(!clist->domain && !co->domain) in replace_existing()
1039 clist->spath && co->spath && /* both have paths */ in replace_existing()
1040 clist->secure && !co->secure && !secure) { in replace_existing()
1045 * A non-secure cookie may not overlay an existing secure cookie. in replace_existing()
1051 sep = strchr(clist->spath + 1, '/'); in replace_existing()
1054 cllen = sep - clist->spath; in replace_existing()
1056 cllen = strlen(clist->spath); in replace_existing()
1058 if(strncasecompare(clist->spath, co->spath, cllen)) { in replace_existing()
1060 "overlay an existing cookie", co->name, co->domain); in replace_existing()
1066 if(!replace_n && !strcmp(clist->name, co->name)) { in replace_existing()
1069 if(clist->domain && co->domain) { in replace_existing()
1070 if(strcasecompare(clist->domain, co->domain) && in replace_existing()
1071 (clist->tailmatch == co->tailmatch)) in replace_existing()
1075 else if(!clist->domain && !co->domain) in replace_existing()
1081 if(clist->spath && co->spath && in replace_existing()
1082 !strcasecompare(clist->spath, co->spath)) in replace_existing()
1084 else if(!clist->spath != !co->spath) in replace_existing()
1088 if(replace_old && !co->livecookie && clist->livecookie) { in replace_existing()
1105 co->creationtime = repl->creationtime; in replace_existing()
1121 * sometimes we get an IP-only hostname, and that might also be a numerical
1130 bool httpheader, /* TRUE if HTTP header-style line */ in Curl_cookie_add()
1146 if(data->req.setcookies >= MAX_SET_COOKIE_AMOUNT) in Curl_cookie_add()
1162 if(co->prefix_secure && !co->secure) in Curl_cookie_add()
1163 /* The __Secure- prefix only requires that the cookie be set secure */ in Curl_cookie_add()
1166 if(co->prefix_host) { in Curl_cookie_add()
1168 * The __Host- prefix requires the cookie to be secure, have a "/" path in Curl_cookie_add()
1171 if(co->secure && co->path && strcmp(co->path, "/") == 0 && !co->tailmatch) in Curl_cookie_add()
1177 if(!ci->running && /* read from a file */ in Curl_cookie_add()
1178 ci->newsession && /* clean session cookies */ in Curl_cookie_add()
1179 !co->expires) /* this is a session cookie since it does not expire */ in Curl_cookie_add()
1182 co->livecookie = ci->running; in Curl_cookie_add()
1183 co->creationtime = ++ci->lastct; in Curl_cookie_add()
1202 myhash = cookiehash(co->domain); in Curl_cookie_add()
1203 Curl_llist_append(&ci->cookielist[myhash], co, &co->node); in Curl_cookie_add()
1205 if(ci->running) in Curl_cookie_add()
1209 replaces ? "Replaced":"Added", co->name, co->value, in Curl_cookie_add()
1210 co->domain, co->path, co->expires); in Curl_cookie_add()
1213 ci->numcookies++; /* one more cookie in the jar */ in Curl_cookie_add()
1219 if(co->expires && (co->expires < ci->next_expiration)) in Curl_cookie_add()
1220 ci->next_expiration = co->expires; in Curl_cookie_add()
1234 * struct is initialized. If file is "-" then STDIN is read.
1261 Curl_llist_init(&ci->cookielist[i], NULL); in Curl_cookie_init()
1266 ci->next_expiration = CURL_OFF_T_MAX; in Curl_cookie_init()
1268 ci->newsession = newsession; /* new session? */ in Curl_cookie_init()
1273 if(!strcmp(file, "-")) in Curl_cookie_init()
1284 ci->running = FALSE; /* this is not running, this is init */ in Curl_cookie_init()
1291 if(checkprefix("Set-Cookie:", lineptr)) { in Curl_cookie_init()
1312 data->state.cookie_engine = TRUE; in Curl_cookie_init()
1314 ci->running = TRUE; /* now, we are running */ in Curl_cookie_init()
1333 /* 1 - compare cookie path lengths */ in cookie_sort()
1334 l1 = c1->path ? strlen(c1->path) : 0; in cookie_sort()
1335 l2 = c2->path ? strlen(c2->path) : 0; in cookie_sort()
1338 return (l2 > l1) ? 1 : -1; /* avoid size_t <=> int conversions */ in cookie_sort()
1340 /* 2 - compare cookie domain lengths */ in cookie_sort()
1341 l1 = c1->domain ? strlen(c1->domain) : 0; in cookie_sort()
1342 l2 = c2->domain ? strlen(c2->domain) : 0; in cookie_sort()
1345 return (l2 > l1) ? 1 : -1; /* avoid size_t <=> int conversions */ in cookie_sort()
1347 /* 3 - compare cookie name lengths */ in cookie_sort()
1348 l1 = c1->name ? strlen(c1->name) : 0; in cookie_sort()
1349 l2 = c2->name ? strlen(c2->name) : 0; in cookie_sort()
1352 return (l2 > l1) ? 1 : -1; in cookie_sort()
1354 /* 4 - compare cookie creation time */ in cookie_sort()
1355 return (c2->creationtime > c1->creationtime) ? 1 : -1; in cookie_sort()
1368 return (c2->creationtime > c1->creationtime) ? 1 : -1; in cookie_sort_ct()
1380 * Returns 0 when there is a list returned. Otherwise non-zero.
1395 if(!ci || !Curl_llist_count(&ci->cookielist[myhash])) in Curl_cookie_getlist()
1404 for(n = Curl_llist_head(&ci->cookielist[myhash]); in Curl_cookie_getlist()
1409 if(co->secure ? secure : TRUE) { in Curl_cookie_getlist()
1412 if(!co->domain || in Curl_cookie_getlist()
1413 (co->tailmatch && !is_ip && in Curl_cookie_getlist()
1414 cookie_tailmatch(co->domain, strlen(co->domain), host)) || in Curl_cookie_getlist()
1415 ((!co->tailmatch || is_ip) && strcasecompare(host, co->domain)) ) { in Curl_cookie_getlist()
1425 if(!co->spath || pathmatch(co->spath, path) ) { in Curl_cookie_getlist()
1428 * This is a match and we add it to the return-linked-list in Curl_cookie_getlist()
1430 Curl_llist_append(list, co, &co->getnode); in Curl_cookie_getlist()
1468 Curl_llist_append(list, array[i], &array[i]->getnode); in Curl_cookie_getlist()
1492 for(n = Curl_llist_head(&ci->cookielist[i]); n;) { in Curl_cookie_clearall()
1500 ci->numcookies = 0; in Curl_cookie_clearall()
1517 struct Curl_llist_node *n = Curl_llist_head(&ci->cookielist[i]); in Curl_cookie_clearsess()
1523 if(!curr->expires) { in Curl_cookie_clearsess()
1526 ci->numcookies--; in Curl_cookie_clearsess()
1563 co->httponly ? "#HttpOnly_" : "", in get_netscape_format()
1566 * tailmatching. This is Mozilla-style. in get_netscape_format()
1568 (co->tailmatch && co->domain && co->domain[0] != '.') ? "." : "", in get_netscape_format()
1569 co->domain ? co->domain : "unknown", in get_netscape_format()
1570 co->tailmatch ? "TRUE" : "FALSE", in get_netscape_format()
1571 co->path ? co->path : "/", in get_netscape_format()
1572 co->secure ? "TRUE" : "FALSE", in get_netscape_format()
1573 co->expires, in get_netscape_format()
1574 co->name, in get_netscape_format()
1575 co->value ? co->value : ""); in get_netscape_format()
1582 * "-" as filename to write to stdout.
1584 * The function returns non-zero on write failure.
1602 if(!strcmp("-", filename)) { in cookie_output()
1614 "# https://curl.se/docs/http-cookies.html\n" in cookie_output()
1618 if(ci->numcookies) { in cookie_output()
1624 array = calloc(1, sizeof(struct Cookie *) * ci->numcookies); in cookie_output()
1632 for(n = Curl_llist_head(&ci->cookielist[i]); n; in cookie_output()
1635 if(!co->domain) in cookie_output()
1689 if(!data->cookies || (data->cookies->numcookies == 0)) in cookie_list()
1693 for(n = Curl_llist_head(&data->cookies->cookielist[i]); n; in cookie_list()
1697 if(!c->domain) in cookie_list()
1730 if(data->set.str[STRING_COOKIEJAR]) { in Curl_flush_cookies()
1734 res = cookie_output(data, data->cookies, data->set.str[STRING_COOKIEJAR]); in Curl_flush_cookies()
1737 data->set.str[STRING_COOKIEJAR], curl_easy_strerror(res)); in Curl_flush_cookies()
1743 if(cleanup && (!data->share || (data->cookies != data->share->cookies))) { in Curl_flush_cookies()
1744 Curl_cookie_cleanup(data->cookies); in Curl_flush_cookies()
1745 data->cookies = NULL; in Curl_flush_cookies()